Friday, October 14, 2016

Posted by Martin Swende on October 13th, 2016.

During the last couple of weeks, the Ethereum network has
been the target of a sustained attack. The attacker(s) have been very
crafty in locating vulnerabilities in the client implementations as well
as the protocol specification.

While the recent patches have led to an overall increased resiliency
in the client implementations, the attacks have also demonstrated that a
lower-level change to the EVM pricing model is needed.

For many users, the most visible consequence is probably that they
are having difficulties getting transactions included in blocks, and
full nodes are facing memory limitations in managing the bloated state.

This is our strategy to address these issues:

As a temporary measure to minimize the effects of the most recent
attack, we recommend that all miners lower the gas limit to 500K gas.

A hard-fork based on EIP 150 version 1c will be put into effect at block 2457000 [see below]. This will reprice certain operations to correspond better to the underlying computational complexity.

A second hard-fork will follow shortly after, aimed at reverting the
current “state-bloat” introduced by the attacks. This second fork will
serve to remove accounts which are empty, that is, accounts with no code,
no balance, no storage and nonce == 0.

We have implemented the changes required in the clients and are
currently extending and adding tests in an effort to prevent the
introduction of consensus-breaking vulnerabilities.

And as a reminder, the Ethereum Bug Bounty is open and includes the new hard-fork implementations.

EDIT: Fork block has been moved to 2463000 in order to accommodate even more testing.